CVE-2019-5420
A remote code execution vulnerability in Rails <5.2.2.1 and <6.0.0.beta3 running in development mode can allow an attacker to guess the automatically generated development-mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
Affected products
Rails · https://github.com/rails/rails

Public PoCs found: 15
- github: github.com/knqyf263/CVE-2019-5420 (★ 8)
- github: github.com/j4k0m/CVE-2019-5420 (★ 5)
- github: github.com/laffray/ruby-RCE-CVE-2019-5420- (★ 5)
- github: github.com/scumdestroy/CVE-2019-5420.rb (★ 3)
- github: github.com/WildWestCyberSecurity/cve-2019-5420-POC (★ 1)
- github: github.com/Eremiel/CVE-2019-5420 (★ 0)
- github: github.com/cved-sources/cve-2019-5420 (★ 0)
- github: github.com/mmeza-developer/CVE-2019-5420-RCE (★ 0)
- github: github.com/trickstersec/CVE-2019-5420 (★ 0)
- github: github.com/PenTestical/CVE-2019-5420 (★ 0)
- github: github.com/AnasTaoutaou/CVE-2019-5420 (★ 0)
- github: github.com/sealldeveloper/CVE-2019-5420-PoC (★ 0)
- exploitdb: www.exploit-db.com/exploits/46785 (not verified)
- cve_reference: www.exploit-db.com/exploits/46785/ (not verified)
- cve_reference: packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html (not verified)

⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know whether your infrastructure is exposed to this?
Talk to TrueHacking →

References
- http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html
- https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
- https://www.exploit-db.com/exploits/46785/